DETAILED ACTION

1. Claims 1-12, 14-15, 17-21 are pending. Claims 19-21 have been added. Claim 13 has been 
cancelled. Claims 1, 4, 8, 10, 11, 12, 15 and 18 have been amended. This action is hereby made
final. 

Response to Arguments 

2. An interview sheet has been submitted to the attorney at the 3/24/04 face-to-face interview 
conducted with the attorney. The examiner explained to the attorney how the prior art reads on 
the applicant's invention and the attorney agreed to amend to further more accurately specify his 
invention, so as to overcome the prior art rejection. 

3. The drawing corrections have been accepted. 

4. All comments made by the attorney have been noted by the examiner. All arguments with 
respect to the claim limitation are addressed below. 

4. The attorney argues that Awadallah et al does not disclose or teach the use of a list of 
process-specific ports. The attorney further argues that Awadallah uses port addresses and 
reserved ports for determining packet prioritization rather than port specific filtering. The prior 
art performs process specific filtering by reserving a certain group of port addresses. Instead of 
an administrator manually setting traffic filters (Awadallah et al, col. 1, lines 29-36), this is done 
dynamically by the packet mapper. "The packet mapper includes a mapping table that associates 
application-related feature values with network-reserved feature values from a range of feature
values reserved for use..." (Awadallah et al, col. 1, lines 54-58). Hence process specific filtering
can be achieved by the packet mapper. Furthermore, the attorney does not state anywhere in the 
claim limitation that the router/gateway "perform the function of detecting process-specific port 
addresses to 'pass through' the gateway without being translated." 

5. The amendments made have been rejected as shown below. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-7 and 19 are rejected under 35 U.S.C 103(a) as being unpatentable over 
Awadallah et al (6449251 B1) in view of Boden et al (6615357 B1) in further view of Stevens
(TCP/IP Illustrated). 

With respect to Claim 1, the limitation: 

"a network address translating gateway connecting a LAN to an external 
network, said LAN using local IP addresses, said gateway having a local IP address that 
can be referenced by devices on said LAN and having an external IP address that can be 
referenced by devices on said external network" is met by Awadallah on column 3, lines 
60-67 and on column 4, lines 1-8; and
"a plurality of internal tables associating combinations of local IP addresses of local
devices on said LAN, external IP addresses of external devices on said external 
network. . . source port addresses, destination port addresses, process-specific port 
addresses, and maintaining a list of selected process-specific port addresses" is met by 
Awadallah on column 4, lines 30-33 and column 2, lines 26-29; and 
"means for performing normal address translation upon datagrams passing from said 
LAN to said external network and datagrams passing from said external network to said 
LAN" is met by Awadallah on column 3, lines 61-64; and 

"means for delivering a datagram from a local device on said LAN to an external device 
on said external network by receiving a datagram from a local device on said LAN 
intended for delivery to an external device on said external network, and determining 
whether the destination port address for said datagram is included in said list of selected 
process-specific port addresses if said destination port address is not included in said list 
of selected process-specific port addresses, performing normal address translation upon 
said datagram and passing said datagram to said external network for routing and 
delivery to said external device" by Awadallah on column 3, lines 61-67 and column 4, 
lines 1-4. The attorney does not define the term 'process-specific port addresses' so the 
examiner makes the broadest, most reasonable interpretation of this term as port 
addresses that are reserved for a specific/particular process. Reserved port addresses 
meet the limitation of process-specific port addresses because these port addresses are 
reserved for a particular process. 

Awadallah et al does not meet the limitation of SPI values, nor does it meet the
limitation of the IP routing procedure.

The SPI-In and SPI-Out values referred to in the second limitation of Claim 1 are met
by Boden on column 1, lines 55-59. It would have been obvious to one of ordinary skill 
in the art at the time the invention was made to combine the teachings of Boden within 
the system of Awadallah because SPI values are necessary parameters in a gateway 
managed by IPSec to be able to tell multiple connections that use the same protocol apart. 
The combination of Awadallah et al and Boden et al does not disclose the IP routing 
procedure. This is disclosed by Stevens as discussed below. 

The limitation "and if said destination port address is included in said list of selected 
process-specific port addresses, determining whether said destination port address is 
bound to a local IP address, and if said destination port address is bound to a local IP 
address, performing normal address translation upon said datagram and passing said 
datagram to said external network" is met by Stevens on Section 3.3, page 37-38, 1st
paragraph; and 

"and if said destination port address is not bound to a local IP address, modifying said
source IP address of said datagram to be said external IP address of said gateway, 
binding said destination port address to the local IP address of said local device and 
creating an association between said destination port address and the external IP address 
of said external device, and passing said datagram to said external network for routing 
and delivery to said external device" is inherent in Stevens in Section 3.3, page 37-38, 1st
paragraph. 

It would have been obvious to one of ordinary skill in the art at the time the invention
was made to combine the teachings of Stevens within the combination of Awadallah and 
Boden to obtain the claimed invention because the IP routing procedure is a basic routing 
procedure performed by a router/gateway to a host that is either within a LAN or that 
needs to be reached outside of the LAN through a router/gateway.

With respect to Claim 2, all the limitations are met by the combination of Awadallah and
Stevens except that described below. 

The limitation "wherein the means for delivering a datagram from a local device on said 
LAN to an external device further comprises a means for determining whether said 
datagram is encrypted and, if said datagram is encrypted, for determining whether the 
SPI of said datagram is recorded in the SPI - Out field in said internal table and, if said 
SPI is recorded in said SPI - Out field, modifying the source IP address of said datagram 
to be said external IP address of said gateway and passing said datagram to said external 
network for routing and delivery to said external device" is met inherently by Boden on 
column 1, lines 55-59 and column 3, lines 49-56. It is inherently met by Boden because 
SPI (Security Parameter Index) is an index used within IPSec to keep multiple 
connections distinct. If absent, the two connections to the same gateway using the same 
protocol could not be told apart and hence is necessary for the correct functioning of the 
gateway. 

It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah et al and Stevens because the usage of SPI values forms a necessary part of 
the IPsec protocol for routing packets through a gateway, or else the gateway would not
be able to tell multiple connections apart. 



With respect to Claim 3, all the limitations are met by the combination of Awadallah et al and
Stevens except the limitation described below. 

The limitation "if said SPI is not recorded in said SPI - Out field of said internal table, means for 
setting the SPI - In field corresponding to the local IP address of said local device equal to zero 
and setting said SPI - Out field equal to said SPI, modifying said source IP address of said 
datagram to be said external IP address of said gateway and passing said datagram to said 
external network for routing and delivery to said external device" is met inherently by Boden on 
column 1, lines 55-59 and column 3, lines 49-56 and explained in Claim 2 rejection above. 
It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah et al and Stevens because the usage of SPI values forms a necessary part of the IPsec 
protocol for routing packets through a gateway, or else the gateway would not be able to tell 
multiple connections apart. 

With respect to Claim 4, the limitation ". . . and if said datagram is not encrypted,
determining whether the destination port address for said datagram is included in said 
list of selected process-specific port addresses and, if said destination port address is not 
included in said list of selected process-specific port addresses, performing normal 
address translation upon said datagram and passing said datagram to said LAN for 
delivery to said local device, and if said destination port address is included in said list 
of process-specific port addresses. . ." is met by Awadallah on column 3, lines 61-67,
column 4, lines 1-4. Awadallah does not meet the limitation involving SPI values.
This is however met by Boden as discussed below. 

The limitation "wherein the network address translating gateway further comprises 
means for delivering a datagram from said external device to said local device by 
receiving a datagram from said external device on said external network intended for 
delivery to said local device on said LAN, means for determining whether said datagram 
is encrypted and, if said datagram is encrypted, determining whether the datagram's SPI 
is recorded in said SPI - In field of said internal table and, if said SPI is recorded in said 
SPI - In field, modifying the destination IP address of said datagram to be said local IP 
address of said local device and passing said datagram to said LAN for routing and 
delivery to said local device, and if said SPI is not recorded in said SPI- In field of said 
internal table, determining whether said SPI is not recorded in said SPI - In field 
corresponding to said IP address of said external device is equal to zero, and if said SPI 
- In field is not equal to zero, discarding said datagram, and if said SPI - In field is equal 
to zero, setting said SPI - In field equal to said SPI, modifying the destination IP address 
of said datagram to be said local IP address of said local device and passing said 
datagram to said LAN for delivery to said local device. . ." is met by Boden on column 
1, lines 55-59 and on column 3, lines 49-56. It would have been obvious to combine the 
teachings of Boden within the system of Awadallah because the use of SPI values is 
necessary to the correct operation of a gateway managing multiple connections. 

The combination of Awadallah et al and Boden does not meet the limitation of the IP
routing description disclosed below. This limitation is met by Stevens as shown below. 
The limitation "determining whether said destination port address is bound to a local IP 
address, and if said destination port address is not bound to a local IP address, 
discarding said datagram, and if said destination port address is bound to a local IP 
address, determining whether said destination port address is associated with the 
external IP address of said external device, and if said destination port address is 
associated with the external IP address of said external device, modifying said 
destination IP address of said datagram to be the bound local IP address of said local 
device, unbinding said destination port address from said local IP address, and passing 
said datagram to said LAN for delivery to said local device" is inherently met by 
Stevens on Section 3.3, page 37, 38, 1st paragraph. This is a routine process in IP
routing as inherently shown by Stevens. 
It would have been obvious to one of ordinary skill in the art to combine the teachings of 
Stevens within the combination of Awadallah et al and Boden et al because the IP routing 
procedure is a basic routing procedure performed by a router/gateway to a host that is 
either within a LAN or that needs to be reached outside of the LAN. 

With respect to Claim 5, the limitation "a timer, wherein, upon receiving a signal that a 
selected process-specific port address has become bound to an IP address, said timer will 
commence timing for a predetermined length of time and, upon the expiration of said 
predetermined length of time, will send a signal causing said selected process-specific 
port address to become unbound from said IP address, and, upon receiving a signal
indicating that said selected process-specific port address has become unbound from said 
IP address prior to the expiration of said predetermined length of time, said timer will 
stop timing and will reset" is met by Awadallah on column 6, lines 65-67 and column 7, 
lines 1-4. The attorney does not define the term 'process-specific port addresses' so the 
examiner makes the broadest, most reasonable interpretation of this term as port 
addresses that are reserved for a specific/particular process. Reserved port addresses 
meet the limitation of process-specific port addresses because these port addresses are 
reserved for a particular process. 

With respect to Claim 6, the limitation "in which said external network is the internet" is met by
Awadallah on column 1, lines 29-31.

With respect to Claim 7, all the limitations are met by the combination of Awadallah and Stevens
except the limitation of the LAN being a VPN. 

The limitation "in which said LAN is a virtual private network" is met by Boden on column 1, 
lines 24-25. 

It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah and Stevens because a VPN is a common and well-known form of implementing a 
LAN. 

With respect to Claim 19, the limitation of "wherein said list of selected process-specific port
addresses comprises port 500" is met by Awadallah on column 5, lines 35-52. 

Claims 8, 10, 18, 20 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Awadallah et al (6449251 B1) in view of Stevens (TCP/IP Illustrated).

With respect to Claim 8, the limitation "maintaining a plurality of tables associating 
local IP addresses of local devices on said LAN, external IP addresses of external 
devices on said external network, port addresses of said local devices, port addresses of 
said external devices, SPI - In values, SPI - Out values, and process-specific port 
addresses, and a list of selected process specific port addresses" is met by Awadallah on 
column 2, lines 26-29, 62-64 and on column 4, lines 30-33. 

The limitation "receiving a datagram from said LAN" is met by Awadallah on column 3, 
lines 64-67 and column 4, lines 1-4. 

The limitation "determining whether the destination port address for said datagram is 
included in said list of selected process-specific port addresses and, if said destination 
port address is not included in said table of reserved port addresses, performing normal 
address translation upon said datagram and passing said datagram to said external 
network for routing and delivery to said external device" is met by Awadallah on column 
3, lines 61-67, column 4, lines 1-4. The attorney does not define the term
'process-specific port addresses' so the examiner makes the broadest, most reasonable
interpretation of this term as port addresses that are reserved for a specific/particular
process. Reserved port addresses meet the limitation of process-specific port addresses
because these port addresses are reserved for a particular process. 
Awadallah however does not meet the limitation disclosed below. This is however met 
by Stevens as discussed below. 

The limitation "and if said destination port address is included in said list of selected 
process-specific port addresses, determining whether said destination port address is 
bound to an IP address, and if said destination port is bound to an IP address, performing 
normal address translation upon said datagram and passing said datagram to said external 
network, and if said destination port address is not bound to an IP address, modifying 
said source IP address to be said external IP address for said external device, binding said 
destination port address to the local IP address of said local device and creating an 
association between said destination port address and said external IP address of said 
external device, and passing said datagram to said external network for routing and 
delivery to said external device" is inherently met by Stevens on Section 3.3 on page 37-38,
1st paragraph.

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Stevens within the system of Awadallah because 
the IP routing procedure is a basic routing procedure performed by a router/gateway to a 
host that is either within a LAN or that needs to be reached outside of the LAN. 

With respect to Claim 10, the limitation is the reverse of Claim 8 and hence Claim 8 
rejection stands for Claim 10. The added limitation of ". . .determining whether said 
destination port address is associated with the external IP address of said external
device, and if said destination port address is associated with said external IP address of
said external device. . ." is also met by Stevens on Section 3.3, page 37, 38, 1st
paragraph. This is a routine process in IP routing as inherently shown by Stevens. 

With respect to Claim 18, the limitation "a machine readable storage, having stored 
thereon a computer program comprising a plurality of code sections executable by a 
machine and for connecting a LAN to an external network via a network address 
translating gateway, said gateway having a local IP address that can be referenced by 
devices on said LAN and having an external IP address that can be referenced by devices 
on said external network, and further comprising a plurality of internal tables associating 
combinations of local IP addresses of local devices on said LAN, external IP addresses of 
external devices on said external network, source port addresses, destination port 
addresses, process-specific port addresses, and a list of selected process-specific port 
addresses, including at least port 500 for causing the machine. . ." is met by Awadallah et 
al on column 2, lines 26-29, column 3, lines 60-67, column 4, lines 1-8 and 30-33. The 
added limitation of port 500 being used is met by Awadallah et al on column 5, lines 35-52.
The attorney does not define the term 'process-specific port addresses' so the
examiner makes the broadest, most reasonable interpretation of this term as port 
addresses that are reserved for a specific/particular process. Reserved port addresses 
meet the limitation of process-specific port addresses because these port addresses are 
reserved for a particular process. 

The limitation "processing a datagram from a local device on said LAN by receiving a
datagram from a local device on said LAN intended for delivery to an external device on 
said external network" is met by Awadallah on column 3, lines 60-67 and column 4, lines 
1-2; and 

The limitation "determining whether the destination port address for said datagram is 
included in said list of selected process-specific port addresses and determining whether 
said destination port address is bound to a local IP address on said LAN; and if said 
destination port address is not included in said list of selected process-specific port 
addresses, performing normal address translation upon said datagram and passing said 
datagram to said external network for routing and delivery to said external device" is met 
inherently by Awadallah et al on column 3, lines 61-67 and column 4, lines 1-4. 
Awadallah et al however does not disclose the limitation discussed below. This however 
is met by Stevens as shown below. 

The limitation "and if said destination port address is included in said list of selected 
process-specific port addresses, and said destination port address is bound to a local IP 
address, performing normal address translation upon said datagram and passing said 
datagram to said external network; and if said destination port address is not bound to a 
local IP address on said LAN, modifying said source IP address of said datagram to be 
said external IP address of said gateway, binding said destination port address to the local 
IP address of said local device and creating an association between said destination port 
address and the external IP address of said external device, and passing said datagram to 
said external network for routing and delivery to said external device" is met by Stevens
on Section 3.3, page 37, 38, 1st paragraph.

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Stevens within the system of Awadallah et al 
because the IP routing procedure is a basic routing procedure performed by a 
router/gateway to a host that is either within a LAN or that needs to be reached outside of 
the LAN. 

With respect to Claim 20 and 21, the limitation of "in which said list of selected
process-specific port addresses comprises port 500" is met by Awadallah on column 5,
lines 35-52.

Claims 9, 11, 12, 14, 15, 17 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Awadallah et al (6449251 B1) in view of Stevens (TCP/IP Illustrated) in further view of
Boden et al (6615357 B1).

With respect to Claim 9, all the limitations are met by the combination of Awadallah and
Stevens except the limitation disclosed below. 

The limitation "determining whether said datagram is encrypted and, if said datagram 
is encrypted, determining whether the SPI in said datagram is recorded in the SPI - Out 
field of one of said plurality of internal tables and, if said SPI is recorded in said SPI - 
Out field of said internal table, modifying the source IP address to be the external IP 
address of said gateway and passing said datagram to said external network for routing 
and delivery to said external device, and if said SPI is not recorded in said SPI - Out
field of said internal table, setting said SPI - Out field corresponding to the IP address 
of said external device equal to said SPI and setting the SPI - In field of said internal 
table to zero, modifying said source IP address to be said external IP address of said 
gateway, and passing said datagram to said external network for routing and delivery 
to said external device" is met inherently by Boden on column 1, lines 55-59 and on 
column 3, lines 49-56. 

It would have been obvious to one of ordinary skill in the art to combine the teachings 
of Boden within the combination of Awadallah and Stevens because the use of SPI 
values is necessary to the correct operation of a gateway managing multiple 
connections. 

With respect to Claim 11, all the limitations are met by the combination of Awadallah et
al and Stevens. The limitation disclosed below is met by Boden. 
The limitation "determining whether the SPI in said datagram is recorded in the SPI - 
In field of one of said plurality of internal tables and, if said SPI is recorded in said 
SPI - In field of said internal table, modifying the destination IP address to be the local 
IP address of said local device and passing said datagram to said LAN for routing and 
delivery to said local device, and if said SPI is not recorded in said SPI - In field of 
said internal table, determining whether said SPI- In field corresponding to the IP 
address of said external device is zero, and if said SPI -In field is not zero, discarding 
said datagram, and if said SPI - In field is equal to zero, modifying said SPI - In field 
to be said SPI, modifying said destination IP address to be said local IP address of said
local device, and passing said datagram to said LAN for routing and delivery to said 
local device" is inherently met by Boden in column 1, lines 55-59 and in column 3, 
lines 49-56. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Boden within the combination of Awadallah and 
Stevens because the use of SPI values is necessary to the correct operation of a gateway 
managing multiple connections. 

With respect to Claim 12, the limitation "the steps of starting a timer whenever a 
selected process-specific port address becomes bound to said local IP address of said 
local device, resetting said timer whenever said destination port address has
become released, and sending a signal whenever said timer is active and a 
predetermined length of time has expired from the time said timer was started" is met 
by Awadallah et al on column 6, lines 65-67 and column 7, lines 1-4. 

With respect to Claim 14, the limitation "in which said external network is the 
internet" is met by Awadallah on column 1, lines 29-31. 

With respect to Claim 15 and 17, all the limitations are met by the combination of
Awadallah and Stevens. 

The limitation "in which said LAN is a virtual private network" is met by Boden on
column 1, lines 24-25. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Boden within the combination of Awadallah 
and Stevens because a VPN is a well-known form of implementation of a LAN in the 
art. 

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Tracey Akpati whose telephone number is 703-305-7820. The 
examiner can normally be reached on 8.30am-6.00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 703-305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 